Bom processo específico sniffer / viewer? [fechadas]

Tente o link da rede da microsoft. Captura pacotes brutos. Além disso, organiza capturas de pacotes por processos na máquina.

CommView é um ótimo sniffer de pacotes. Não é grátis, mas tem muitos recursos, incluindo pacotes de filtragem por processos:

What you can do with CommView

• View detailed IP connections statistics: IP addresses, ports, sessions, etc.
• Reconstruct TCP sessions.
• Map packets to the application that is sending or receiving them.
• View protocols distribution, bandwidth utilization, and network nodes charts and tables.
• Generate traffic reports in real time.
• Browse captured and decoded packets in real time.
• Search for strings or hex data in captured packet contents.
• Import and export packets in Sniffer®, EtherPeek™, AiroPeek™, Observer®, NetMon, and Tcpdump formats, export packets in hex and text formats.
• Configure alarms that can notify you about important events, such as suspicious packets, high bandwidth utilization, unknown addresses, etc.
• Create your own plug-ins for decoding any protocol.
• Exchange data with your application over TCP/IP.
• Export any IP address to SmartWhois for quick, easy IP lookup.
• Capture loopback traffic (a new, unique feature in version 4.1).

Este é um requisito interessante.
Que tal usar sua ferramenta de captura favorita junto com netstat para rastrear as portas locais e o protocolo usado pelo processo durante o tempo de captura? você poderia então filtrar por eles mais tarde.

exemplo,

# with the capture running in the backround, loop over the following
netstat -nt --program | grep firefox
# this will give you a close trace of firefox connections

Claro, você vai sentir falta daqueles que terminam rapidamente entre as duas chamadas netstst .